Help Desk password reset tool?

I'm digging deep in to the SSO servlets looking for a way to enter a call in a pflow to force the LDAP sync. If anyone has any ideas, it would be much appreciated.

newbie question: where are the SSO servlets located?

We did the scripted ssoconfig thing during the time in between implement LSF9 and doing the ldapbind.  In our case, we use an enterprise-wide password maintenance tool (Entact) but the basic idea would work without it as all it did in our case was deliver an xml file.  I won't claim it was elegant, but it worked.  The biggest downside to is that your passing passwords around as plain text.  What you would need to create is a program that the help desk would use that would let them enter an id and password, then create a deliver the xml file.

The xml file looked like the attachment (where cdh034 is the user id and newpawd is the password):

We then had a cron driven script executing ssoconfig (where ???????? is your ssoconfig password):

#  Script to look through the directory FTPHub drop entact requests
#  into and process them through ssoconfig.
. cv lawprod
ENTACTDIR=/lawson/lawprod/law/entact
LISTFILE=$ENTACTDIR/list
LOGFILE=/lawson/lawprod/law/system/ChangeSSOPassword.log
DATESTAMP=$(date '+%D %r')
# Check to see is there is an lase process
if (( $(ps -ef | grep lase | wc -l) >= 2 )); then
   ls $ENTACTDIR/UserID*.xml > $LISTFILE 2> /dev/null
   if [[ -s $LISTFILE ]]
   then
      exec 0<$LISTFILE
      while read NAME
      do
         print "$DATESTAMP  Updating password" >> $LOGFILE
         fgrep "" $NAME >> $LOGFILE
         ssoconfig -l ???????? $NAME >> $LOGFILE
         rm -f $NAME >> $LOGFILE
      done
   fi
   rm $LISTFILE
fi

Sorry, I hadn't been watching this list actively lately. I missed a few questions out here.

John Desmaris is a really bright guy, and his solution would work well. As he said NOT OPTIMAL, but does work. I'm with him on the plain-text passwords. Lawson (if you're reading), give us a command line tool to encrypt the passwords for ssoconfig, like with BPM config.

The other major method would be to emulate the LSGate calls the Security Client uses internally.

Kwane

I found ssoconfig to be unreliable with the -l tag.

I ended up using processflow with a custom service that picks up a csv. This csv is populated from another web site that authenticates either by helpdesk assigned temporary password or Novell authentication. Since Lawson ids always begin with the Novell ID, it works kind of like a self-help.

I'd really like to utilize the same bouncy castle routines to encrypt the password in order to get past the (up to) 15 minute delay. At least until we do the LDAP bind.

Thanks for all of the input.